EZD0827I   Remote port translated: timestamp sipaddr= sipaddr dipaddr= dipaddr proto= proto srcport=srcport dstport=dstport ikeport=ikeport xlateport=xlateport vpnaction= vpnaction tunnelID= tunID ESPSPI= ESPindex

Explanation

The connection source port in the inbound packet (srcport) was already in use by another client with the same public source IP address and a translated source port for this client was not already assigned. A translated source port (xlateport) is assigned and will be used to complete the connection. Subsequent packets from this client using the same source port will also use the translated port value specified by xlateport.

timestamp is the stack timestamp that indicates the time at which the failure was detected by the stack. This time is retrieved from the system time-of-day clock, which usually reflects coordinated universal time. This timestamp might be different than the syslogd message timestamp.

sipaddr is the public source IP address.

dipaddr is the destination IP address at the time the translated source port was assigned. Subsequent packets using the translated port (xlateport) might have a different destination IP address.

proto is the protocol from the decapsulated packet. Possible values are:
  • TCP(6)
  • UDP(17)

srcport is the original connection source port.

dstport is the connection destination port at the time the translated source port was assigned. Subsequent packets using the translated port (xlateport) might have a different destination port.

ikeport is the source port from the UDP encapsulation header.

xlateport is the port assigned by IPSec processing that will be used on this stack in place of srcport.

vpnaction is the name specified on the IpDynVpnAction statement.

tunID is the tunnel ID.

ESPindex is the ESP security parameter index.

System action

TCP/IP processing continues.

Operator response

None.

System programmer response

None. This message is for informational purposes only. If it is necessary to obtain information about this connection from the client system, the original connection source port might be needed. The original source port can be found in this log message or by using the ipsec command to display the translated port information.

See the information about managing network security in z/OS Communications Server: IP System Administrator's Commands or issue the man ipsec command in a z/OS® UNIX shell to obtain information about the ipsec command syntax and options.

See the information about remote port translation in z/OS Communications Server: IP Configuration Guide for additional information about port translation.

Module

EZATRZOS

Procedure name

trmd_ipsec_log